A blog about Cyber Security & Compliance

UK companies are placing themselves at risk of cyberattacks and data breaches as a result of rampant use of cloud storage services and unclear or non-existent corporate policies according to research released today by WinMagic Inc. The survey, conducted by CensusWide, of 1,000 office workers in organisations of 50 or more employees revealed widespread, and often unilateral employee use of cloud storage services could be leaving businesses with poor visibility of where their data is stored, placing potentially confidential data at risk.

Key Findings

65% of employees don’t have or don’t know the company policy on cloud storage

1 in 10 employees who use cloud storage services at least once a week have no confidence in the security of their data saved and accessed from the cloud

Cloud storage use varies widely – 41% use cloud services at least once a week, whilst 42% never use these services at all

1 in 20 employees who use cloud services at least once a week, do so despite these services being restricted by their company

35% of employees used a company sanctioned service

43% were unaware of their employer’s policy on the use of these services. In addition, of those that use cloud storage at least once a week

50% of respondents use personal equipment to access work information and services at least one a week

47% of employees use company-issued equipment at home at least once a week

Darin Welfare, EMEA VP at WinMagic, said: “This survey highlights the challenge businesses face when managing data security in the cloud. IT teams have had to cede a level of control as employees have greater access to services outside corporate control and this research indicates that IT must take additional steps to protect and control company data in this new technology landscape. The wide range of employee adoption of these services also means an additional layer of complexity when devising corporate policies and education programmes for the use of cloud storage services.”

Employees are increasingly accessing work documents and services outside the office, particularly among regular users of cloud storage. The survey revealed 70% of employees who use cloud storage at least once a week will also use work equipment at home at least once a week, significantly higher than the UK average of 47%.

The WinMagic survey highlights a clear disparity between employee use of cloud services and company IT policy, which suggests that businesses must increase focus on devising clearer security policies and better staff training programmes in order to minimise the risk for the business.

Darin Welfare added: “One of the key steps that any organisation can take to mitigate the risk from the widespread use of unsanctioned cloud services is to ensure that all company data is encrypted before employees have the opportunity to upload to the cloud. In the eventuality that the cloud vendor does not adequately put in place control mechanisms and procedures to ensure security across their infrastructure, sensitive and valuable corporate data is still encrypted and cannot be accessed and understood beyond those who have the right to. This approach provides the company with the assurance that the IT team is in control of the key and management of all company data before any employees turn to cloud storage services.”

“This survey should serve as a wake-up call for IT teams to focus resources on crafting the stringent security policies, and employee education programmes that will help the business stay secure. It also indicates that this is not something that is only down to employee behaviour. Businesses need better training for all staff on the potential dangers of cloud services. Businesses must catch up with the employee cloud revolution or risk potentially catastrophic data loss.”